Privacy Policy & DPA
Last Updated: 16 July 2026
This page has two parts: a Data Processing Agreement between QuickSeater and Restaurants using the platform, and a public Privacy Policy for anyone whose data we handle â Restaurant owners, staff, and the guests they book.
Data Processing Agreement (DPA)
This is a contract between MOT Enterprise Group SRL, trading as QuickSeater ("we"), and the Restaurant using our platform (the "Client"), governing how we handle personal data on the Restaurant's behalf. If you are a diner reading this because you made a booking, the Restaurant you booked with is the data controller for your information â see Part 2 for how we, as their data processor, handle it.
A. Roles & Definitions
- Controller: the Restaurant, which decides why and how its guests' and staff's data is used.
- Processor: QuickSeater, which processes that data only to provide the reservation platform, under the Restaurant's instructions.
- Guest Data: any personal data about a diner â name, phone number, email address, and reservation details â entered into the platform by or on behalf of the Restaurant. Guest Data does not include a Restaurant's own subscription/billing information, which QuickSeater holds as a controller (see Part 2, Section E).
B. Scope & Nature of Processing
QuickSeater processes Guest Data solely to provide table-booking, guest communication, and reservation-management features to the Restaurant, for as long as the Restaurant's account is active (plus any retention period described in Part 2, Section K). This includes storing reservations, sending confirmation and reminder messages by email and SMS, and calculating guest reliability indicators as described in Part 2, Section G.
A note for Restaurants: booking notes and tags are free-text fields. Please avoid entering special-category data (health conditions, allergies, religious or dietary requirements tied to belief, etc.) unless it is necessary for the booking and you have a lawful basis to record it â for example, note "kitchen briefed on allergy" rather than the specific medical detail wherever possible.
C. Security Measures
We apply technical and organizational measures appropriate to the data we process, including:
- Passwords are hashed and never stored in plain text; all traffic is encrypted in transit (HTTPS/TLS).
- Token-based authentication with role-restricted access to each Restaurant's own dashboard and data.
- Standard web-security protections against cross-site scripting and common injection attacks, plus automated rate-limiting to reduce abuse and brute-force attempts.
- Access to guest data is limited to what QuickSeater needs to operate and support the platform.
- Payment card data is never handled by our own servers â it is collected and stored directly by Stripe, our PCI-DSS certified payment processor (see Part 2, Section E).
No method of transmission over the internet or electronic storage is completely secure. While we work hard to protect personal data, we cannot guarantee its absolute security.
D. Sub-processors
The Restaurant grants QuickSeater general authorization to engage third-party sub-processors to provide the platform, currently including: our hosting/infrastructure provider; our transactional email provider; our SMS delivery provider, used to send booking-related text messages; and Stripe, used to process a Restaurant's own subscription payments (this does not involve Guest Data). We do not currently use third-party analytics or advertising services. A current list of sub-processors, including specific vendor names, is available on request, and we will notify the Restaurant of any material change.
E. Data Subject Requests
Where a guest contacts QuickSeater directly to exercise their rights (access, correction, deletion, etc.), we will either action the request or forward it to the relevant Restaurant and provide reasonable assistance so they can respond within their legal deadlines.
F. International Transfers & Breach Notification
If personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as the UK's International Data Transfer Addendum. If we become aware of a personal data breach affecting a Restaurant's Guest Data, we will notify the Restaurant without undue delay.
Privacy Policy
This is the public-facing policy for everyone whose data QuickSeater handles: Restaurant owners and staff who use our dashboard, and diners who book a table through a Restaurant's QuickSeater booking page.
A. Who We Are
QuickSeater, operated by MOT Enterprise Group SRL ("we," "us"), provides table-reservation software to restaurants. This policy covers data collected when you create a Restaurant account, when you book a table through a Restaurant's QuickSeater page, or when you contact us directly.
B. Controller vs. Processor
For a Restaurant's own account data (business details, login credentials, billing and subscription data), QuickSeater is the data controller. For guest/diner data entered into the platform by a Restaurant, the Restaurant is the data controller and QuickSeater is the data processor, acting under the Data Processing Agreement in Part 1.
C. Information We Collect
- Restaurant accounts:Restaurant/business name, login username and hashed password, business address, contact phone number, restaurant email address, opening hours, website and social media links, restaurant photo, floor plan/table layout, and â for Restaurants on a paid plan â billing details processed via Stripe (see Section E).
- Guests / diners:First and last name, email address, phone number, and reservation details (date, time, party size), plus booking history used to calculate a reliability indicator (see Section G). Some of this is provided directly by the guest; some is entered on their behalf by Restaurant staff.
- Automatically collected:IP address and basic technical request logs, used only for security purposes such as rate-limiting and blocking abusive traffic â not for tracking, advertising, or analytics profiles. See Section H on cookies.
- Correspondence:Name, work email, restaurant name, and message content submitted through our "Contact Us" form.
We do not collect full payment card numbers directly â for Restaurant subscription payments, card details are collected and stored by Stripe, our payment processor (see Section E). We do not collect voice or call recordings. If we introduce features that require additional data â such as a phone-based booking assistant â we will update this policy, and identify any new sub-processor, before that data collection begins.
D. How We Use Your Information
- To create and manage Restaurant accounts â performance of a contract.
- To create, manage, and fulfil table reservations â performance of a contract with the Restaurant.
- To send booking confirmations and reminders by email and SMS, and to notify Restaurant owners of new bookings â performance of a contract; legitimate interest in reducing no-shows.
- To process subscription payments when a Restaurant upgrades their plan â performance of a contract; legal obligation (accounting/tax).
- To calculate a guest reliability indicator from booking history â legitimate interest in helping Restaurants manage no-show risk (see Section G).
- To respond to enquiries submitted through our contact form â legitimate interest / consent.
- To keep the platform secure and available, including detecting abuse and rate-limiting requests â legitimate interest; legal obligation.
E. Payment Processing (Stripe)
When a Restaurant upgrades to a paid plan, we use Stripe to process the payment. Stripe collects and stores the full card details directly â QuickSeater's own servers never receive or store your complete card number. We receive limited billing information back from Stripe, such as billing name and address, card brand, last 4 digits, expiry date, and subscription/invoice status, which we use to manage the subscription and show billing history in the dashboard.
Stripe is a PCI-DSS Level 1 certified payment processor. For some purposes â such as fraud prevention and its own regulatory compliance â Stripe acts as an independent data controller, and its processing is governed by Stripe's own privacy policy, not this one. This payment flow covers a Restaurant's own subscription billing only â we do not use Stripe, or collect card details, for guest-side reservation deposits or charges.
F. SMS & Email Communications
We use a guest's phone number and email address to send reservation-related messages â booking confirmations, reminders, and reconfirmation requests â using our email delivery provider and our SMS delivery provider (see Part 1, Section D). These are service messages tied to a specific booking, not marketing.
Standard message and data rates from your mobile carrier may apply to SMS messages. If you'd prefer not to receive SMS reminders, contact the Restaurant you booked with or contact us directly â note that opting out may affect a Restaurant's ability to confirm or remind you about a booking. If we ever send marketing communications (for example, to Restaurant owners about new features), you will always be able to unsubscribe using a link in the message or by contacting us.
G. Automated Processing: Guest Reliability Indicator
When a guest makes a reservation, our platform calculates a reliability indicator from that guest's booking history (completed, cancelled, and missed reservations), which Restaurants may use to decide whether to request a reconfirmation for a booking. This indicator is informational only â it does not automatically cancel a reservation, apply any charge, or take any other action without a member of the Restaurant's staff reviewing it.
Because this indicator is built from a guest's overall history on QuickSeater rather than a single Restaurant's records, it may draw on reservations made with other Restaurants on the platform. You can contact us using the details in Section O to ask how your indicator was calculated or to raise a concern about it.
H. Cookies & Local Storage
QuickSeater's own platform does not use cookies for tracking, advertising, or analytics, and we do not run third-party analytics or advertising scripts. When you log in to a Restaurant account, we store a security token in your browser's local storage to keep you signed in â this token is never shared with third parties and is cleared when you log out or clear your browser data.
When a Restaurant completes a subscription payment, Stripe's checkout may set its own cookies as part of its fraud-prevention and security systems. Those cookies are set and controlled by Stripe, not QuickSeater, and are governed by Stripe's own privacy and cookie policy.
I. How We Share Your Information
We do not sell personal data. We share it only with:
- The Restaurant a guest books with, since the Restaurant is the data controller for that booking.
- Service providers who process data on our behalf under contract: our hosting/infrastructure provider, our transactional email provider, our SMS delivery provider, and Stripe for Restaurant subscription payments only â listed as sub-processors in Part 1, Section D.
- Authorities, where required by law, to protect our legal rights, or to prevent fraud or abuse.
- A successor organization, if QuickSeater is involved in a merger, acquisition, or sale of assets â we will notify affected account holders of any resulting change in ownership or use of their personal data.
J. International Data Transfers
Some of our sub-processors â including Stripe â may process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as the UK's International Data Transfer Addendum or the sub-processor's own standard contractual clauses, to keep your data protected to UK standards.
K. Data Retention
- Restaurant account data is retained while the account is active, and for a reasonable period afterward for legal, accounting, and dispute-resolution purposes.
- Payment and billing records are retained for as long as required by UK tax and accounting law (typically up to 6 years), even after an account is closed.
- Guest and reservation data is retained for as long as instructed by the Restaurant or as needed to provide the service. We aim to delete or anonymize it within 30 days of a Restaurant's account closure or a valid deletion request, except where we must retain it longer to comply with the law.
- Technical security logs (e.g. IP addresses collected for rate-limiting) are kept only briefly â typically no more than 90 days â before being deleted.
- Contact-form enquiries are retained only as long as needed to resolve them.
L. Your Rights
Subject to UK GDPR, you have the right to access, correct, delete, or restrict the use of your personal data, to object to certain processing, to receive your data in a portable format, and to withdraw consent where processing relies on it.
If you are a guest, the quickest route is usually to contact the Restaurant you booked with directly, since they are the data controller for your booking. For account data, or if you'd like our help reaching a Restaurant, contact: contact@quickseater.com
M. Children's Privacy
QuickSeater is intended for use by adults booking or managing restaurant reservations. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
N. Changes to This Policy
We may update this policy as QuickSeater's features change. We will update the "Last Updated" date above, and for material changes affecting how we use previously collected data, we will take reasonable steps to notify Restaurant account holders before the change takes effect.
O. Contact Us & Complaints
Questions about this policy or how your data is handled can be sent to contact@quickseater.com. If you're unhappy with how we've handled your personal data, you have the right to complain to the UK's supervisory authority, the Information Commissioner's Office (ICO), or the data protection authority in your own country of residence.